#!/bin/bash # My Cert Processes for LetsEncrypt Color_Off='\033[0m' Blue='\033[0;34m' BBlue='\033[1;34m' Green='\033[0;32m' LGreen='\033[1;32m' BOrange='\033[0;33m' DGray='\033[1;30m' Red='\033[10;31m' LRed='\033[1;31m' DAEMON='/usr/bin/certbot' redirect_artica-ssl_files () { MYDIR="/etc/nginx/certificates" DIRS=`ls -l $MYDIR | egrep '^d' | awk '{print $9}'` for DIR in $DIRS; do if [ $DIR != 'new' ] && [ $DIR != 'default' ] then echo -e "${LGreen}Checking cetificate redirections for \"${LRed}${DIR}${Green}\"...${Color_Off}" #rm -f /etc/nginx/certificates/${DIR}/CAkey.pem #rm -f /etc/nginx/certificates/${DIR}/certificate.pem #rm -f /etc/nginx/certificates/${DIR}/private_key.key #mv /etc/nginx/certificates/${DIR}/CAkey.pem.bak /etc/nginx/certificates/${DIR}/CAkey.pem #mv /etc/nginx/certificates/${DIR}/certificate.pem.bak /etc/nginx/certificates/${DIR}/certificate.pem #mv /etc/nginx/certificates/${DIR}/private_key.key.bak /etc/nginx/certificates/${DIR}/private_key.key if [ ! -f /etc/nginx/certificates/${DIR}/CAkey.pem.bak ] then certs_array=('certs1=(CAkey.pem private_key.key certificate.pem)' 'certs2=(chain.pem privkey.pem fullchain.pem)') for elt in "${certs_array[@]}";do eval $elt;done for ((i=0;i<=2;i++)); do mv /etc/nginx/certificates/${DIR}/${certs1[${i}]} /etc/nginx/certificates/${DIR}/${certs1[${i}]}.bak ln -s /etc/letsencrypt/live/${DIR}/${certs2[${i}]} /etc/nginx/certificates/${DIR}/${certs1[${i}]} echo -e "${Green}Certificate redirected for \"${DGray}.../${DIR}/${BOrange}${certs1[${i}]}${Green}\"${Color_Off}" done else echo -e "${Green}No changes needed to be made at this time.${Color_Off}" fi echo fi done } case "$1" in start) sleep 15 echo -e "${BBlue}HAProxy Starting...${Color_Off}" service haproxy start ssh root@10.5.10.52 service haproxy start ssh root@10.5.10.53 service haproxy start echo -e "${BBlue}NGINX Reload...${Color_Off}" service nginx reload ssh root@10.5.10.52 service nginx reload ssh root@10.5.10.53 service nginx reload exit 0 ;; stop) echo -e "${BBlue}HAProxy Stopping...${Color_Off}" service haproxy stop ssh root@10.5.10.52 service haproxy stop ssh root@10.5.10.53 service haproxy stop exit 0;; gogs-start) echo -e "${BBlue}Gogs Starting...${Color_Off}" service gogs start ssh root@10.5.10.52 service gogs start ssh root@10.5.10.53 service gogs start exit 0;; gogs-stop) echo -e "${BBlue}Gogs Stopping...${Color_Off}" service gogs stop ssh root@10.5.10.52 service gogs stop ssh root@10.5.10.53 service gogs stop exit 0;; gogs-restart) echo -e "${BBlue}Gogs Restarting...${Color_Off}" service gogs restart ssh root@10.5.10.52 service gogs restart ssh root@10.5.10.53 service gogs restart exit 0;; nginx-start) echo -e "${BBlue}NGINX Starting...${Color_Off}" service nginx start ssh root@10.5.10.52 service nginx start ssh root@10.5.10.53 service nginx start exit 0;; nginx-stop) echo -e "${BBlue}NGINX Stopping...${Color_Off}" service nginx stop ssh root@10.5.10.52 service nginx stop ssh root@10.5.10.53 service nginx stop exit 0;; nginx-restart) echo -e "${BBlue}NGINX Restarting...${Color_Off}" service nginx restart ssh root@10.5.10.52 service nginx restart ssh root@10.5.10.53 service nginx restart exit 0;; reload) service nginx reload ssh root@10.5.10.52 service nginx reload ssh root@10.5.10.53 service nginx reload exit 0 ;; new) # "$0" stop echo -e "${Green}Requesting Certificate for '${BBlue}$2${Green}'...${Color_Off}" # $DAEMON certonly --standalone -d $2 $DAEMON certonly --webroot -w /var/www/html -d $2 # chown -R root:letsencrypt /etc/letsencrypt # chmod -R 6775 /etc/letsencrypt # "$0" start # redirect_artica-ssl_files exit 0 ;; new-mass) echo -e "${Green}Requesting Certificate for '${BBlue}$2${Green}'...${Color_Off}" # $DAEMON certonly --standalone -d $2 $DAEMON certonly --webroot -w /var/www/html -d $2 # chown -R root:letsencrypt /etc/letsencrypt # chmod -R 6775 /etc/letsencrypt # redirect_artica-ssl_files exit 0 ;; renew) "$0" stop echo -e "${Green}Renewing Certificates...${Color_Off}" # $DAEMON renew $DAEMON renew certonly --webroot -w /var/www/html -d $2 chown -R root:letsencrypt /etc/letsencrypt chmod -R 6775 /etc/letsencrypt "$0" start # redirect_artica-ssl_files exit 0 ;; nightlyrenew) rm -f /opt/runcerts/cert-renewal-run-$(hostname) "$0" stop >> /opt/runcerts/cert-renewal-run-$(hostname) # $DAEMON renew >> /opt/runcerts/cert-renewal-run-$(hostname) $DAEMON renew certonly --webroot -w /var/www/html -d $2 >> /opt/runcerts/cert-renewal-run-$(hostname) chown -R root:letsencrypt /etc/letsencrypt chmod -R 6775 /etc/letsencrypt "$0" start >> /opt/runcerts/cert-renewal-run-$(hostname) exit 0 ;; redirect-ssl) redirect_artica-ssl_files service nginx restart read -n 1 -t 10 -p "Are you sure you wish to reboot (y/N)?" redirect_choice case "$redirect_choice" in [Yy]) if [ "$EUID" -ne 0 ] then service artica-webservices restart fi exit 0;; esac exit 0 ;; *) echo echo echo "Usage: $0 {new|new-mass|renew|redirect-ssl|stop|start}" echo echo "'new' - Creates a new certificate." echo "---------------------------------------------------------------------------------------" echo "examples:" echo " single-domain = 'runcerts new www.example.com'" echo " multiple-domains = 'runcerts new www.example.com,dev.example.com,...'" echo echo "'new-mass' - Creates a new certificate, but doesnt go through the" echo " process of stopping and restarting nginx each time" echo "---------------------------------------------------------------------------------------" echo "examples (same as 'new'):" echo " single-domain = 'runcerts new-mass www.example.com'" echo " multiple-domains = 'runcerts new-mass www.example.com,dev.example.com,...'" echo echo "'renew' - Renews all certificates. This command could be run routinly by adding this" echo " line into crontab: \"0 4 * * 0 /usr/local/bin/runcerts renew\"" echo "---------------------------------------------------------------------------------------" echo "examples:" echo " 'runcerts renew'" echo echo "'redirect-ssl' - Redirects the configured Artica certificates to use the LetsEncrypt certificates" echo "---------------------------------------------------------------------------------------" echo "examples:" echo " 'runcerts redirect-ssl'" echo echo "'stop' - Stops any process that interfere with creating a standalone server" echo "---------------------------------------------------------------------------------------" echo "examples:" echo " 'runcerts stop'" echo echo "'start' - Starts any process that had interfered with creating a standalone server" echo "---------------------------------------------------------------------------------------" echo "examples:" echo " 'runcerts start'" echo exit 1 ;; esac exit 0